// Applies the handler's configured SslProtocols to the easy handle by setting
// CURLOPT_SSLVERSION.
//
// easy:   the request whose handler supplies the protocol selection and whose
//         curl handle receives the option.
// sslCtx: not read anywhere in this method body.
//
// Throws NotSupportedException when the requested combination has no matching
// CURLOPT_SSLVERSION value, or when libcurl rejects the option as unknown.
private static void SetSslVersion(EasyRequest easy, IntPtr sslCtx = default(IntPtr))
{
    SslProtocols requested = easy._handler.SslProtocols;

    // None means "no preference": nothing is set and libcurl keeps its own defaults.
    // NOTE(review): in that case the minimum protocol version is whatever the
    // libcurl/TLS backend build defaults to - confirm that is acceptable for callers.
    if (requested == SslProtocols.None)
    {
        return;
    }

    // SSL2/SSL3 are never allowed; they are expected to be stripped before this point.
    // The assert only fires in debug builds, but any value that is not one of the four
    // cases handled below ends in NotSupportedException regardless of build flavor.
    Debug.Assert((requested & ~SecurityProtocol.AllowedSecurityProtocols) == 0,
        "Disallowed protocols should have been filtered out.");

    // The only multi-protocol selection that can be expressed through CURLOPT_SSLVERSION.
    const SslProtocols everyTls1 = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;

    // libcurl can enable either every TLS1.* protocol or exactly one of them. Picking
    // two of the three (for example TLS1.1 and TLS1.2 without TLS1.0) is not supported,
    // so such requests are rejected instead of being silently widened or narrowed.
    Interop.Http.CurlSslVersion version;
    if (requested == SslProtocols.Tls)
    {
        version = Interop.Http.CurlSslVersion.CURL_SSLVERSION_TLSv1_0;
    }
    else if (requested == SslProtocols.Tls11)
    {
        version = Interop.Http.CurlSslVersion.CURL_SSLVERSION_TLSv1_1;
    }
    else if (requested == SslProtocols.Tls12)
    {
        version = Interop.Http.CurlSslVersion.CURL_SSLVERSION_TLSv1_2;
    }
    else if (requested == everyTls1)
    {
        // NOTE(review): libcurl documents CURL_SSLVERSION_TLSv1 as "TLS 1.x", so the
        // effective set depends on the libcurl/TLS backend - confirm if an exact
        // upper bound matters.
        version = Interop.Http.CurlSslVersion.CURL_SSLVERSION_TLSv1;
    }
    else
    {
        throw new NotSupportedException(SR.net_securityprotocolnotsupported);
    }

    try
    {
        easy.SetCurlOption(Interop.Http.CURLoption.CURLOPT_SSLVERSION, (long)version);
    }
    catch (CurlException unknownOption) when (unknownOption.HResult == (int)CURLcode.CURLE_UNKNOWN_OPTION)
    {
        // Only "unknown option" is translated, so a libcurl that cannot honor the
        // restriction fails the request instead of proceeding unrestricted. Any other
        // CurlException propagates to the caller unchanged.
        throw new NotSupportedException(SR.net_securityprotocolnotsupported, unknownOption);
    }
}